Kirk Nahra Discusses New Health Privacy Rules at Industry Conference in Atlanta
Speaking at the American Health Information Management Association’s annual conference in Atlanta, Mr. Nahra offered tips for mitigating the impacts of data breaches. The conference was attended by more than 4,000 health care industry professionals.
“If you haven’t had a breach at your organization, you aren’t looking hard enough because everyone has them,” Mr. Nahra said. He added that the most important step to take in a breach situation is to act quickly to understand and mitigate its effects. “In an extraordinary amount of cases, you can actually fix the problem if you act quickly.”
Health care providers and insurance companies, known as covered entities, are subject to the Health Insurance Portability and Accountability Act (HIPAA) omnibus rule that took effect last month. Covered entities’ business associates also must comply with certain health privacy requirements.
Covered entities should sign new business associate agreements with their contractors as soon as possible, rather than waiting until a September 23, 2014 deadline, Mr. Nahra said. Most business associates are not fully compliant yet, so covered entities should push them to get there, he said.
Mr. Nahra added that too many covered entities also are not compliant with the data security rules, and have not updated their security policies and procedures in years, even though HIPAA has long required ongoing evaluation of those policies and procedures.